Vishing: a fraud to steal money and Internet banking details

Last Edit: 25/10/18

Most Internet users are probably accustomed to the term phishing -- where
fraudsters send unsolicited emails to entice unsuspecting victims to pass
over their banking details -- but chances are they're unaware of the term:
vishing. So, what is vishing? its a similar behaviour to phishing, but instead
of using emails, the fraudsters phone up their victims. With banks and credit
card companies regularly phoning their customers to verify payments and warn
customers about potential fraudulent use of their account, fraudsters can
appear entirely plausible when they phone a customer and purport to an official
from a bank or building society (typically their security or fraud squad).
M&S bank has also warned that fraudsters sometimes claim to be the police
or another trusted source, such as the local council.

The story given by the fraudster will, of course, vary, but the premise will
be similar: that a problem has occurred that urgently requires the bank customer
to hand over financial information (such as card details, login information,
and pin numbers), or requires the customer to make a payment from their account
to the fraudsters account for 'safekeeping' -- to solve the 'problem' the
fraudster has invented. In reality, there is no problem, and if a customer
does transfer funds from their account to the fraudsters account -- to solve
the 'problem' -- then the bank may not provide compensation to their customer
because the customer has authorised the payment. In May 2018, the BBC reported
on a vishing scam that netted £1.2m in the north east of Scotland, and
quoted Det Insp McPhail who said "Let me be clear that banks will never
make phone calls like this asking you to move money".

Techniques that fraudsters use, and should be watched out for:

Phone number spoofing:
they can make the number look like the banks on caller ID.

They use background noise to make it appear the fraudster is calling from
a call centre.

They sometimes 'hold the line', so when the caller tries to phone another
number it goes back to the fraudster.

How to combat vishing:

Customers should always be wary of phone calls from a bank, and should not
be afraid to refuse requests for information.

Fraudsters can already possess many details about bank customers (address,
account number, contact details) due to identity theft and data breaches.
Therefore, just because someone phoning knows details about the bank customer,
it should not be assumed they are official and not a fraudster.

Fraudsters will often target the elderly and retired. Elderly relatives
should be warned about vishing.

Customers should never give pin numbers or security details to someone who
has phoned claiming to be from a bank or building society.

Banks will never ask their customers to move money to another account.

If customers are suspicious or unsure, then always end the call, and phone
the bank on their official phone number (found on their bank statement) to
verify if the bank has phoned.

To combat 'holding the line' schemes, use a different phone (if possible,
such as a mobile) to phone the bank to verify the bank has officially phoned.

In conclusion, bank customers should not underestimate how sophisticated
fraudsters can be when using a vishing scam. It is not only the elderly who
have been tricked by such schemes, businesses, law firms, charities and sports
clubs have also been targeted and become a victim. Whenever a customer is
contacted by a bank, or someone purporting to be from a bank, they need to
automatically be suspicious, and consider seriously whether this is a scam
or not. Whenever there is doubt end the phone call.